More than 50% of European families have some investment in digital currency. The average European family sees crypto as a viable investment and savings option. This was discovered in several recent surveys conducted over different demographic areas. Despite the volatility of the crypto space, as recent events highlight, it has seen a continuous rise in new investors. More people are committing to crypto investments and many of them are taking steps to buy into the growing market. The flurry…
954
views
views
Eclipse Attacks – What are They and How do They Work?
As the blockchain industry grows, we see an increase in the imagination of hackers. The first scams in the sector appeared somewhat naive. Today, we are witnessing the emergence of increasingly complex techniques.
With the refinement of hacking methodology, it is increasingly difficult for users to avoid cybersecurity traps. This article will discuss eclipse attacks, which are criminal mechanisms that attack blockchains.
The direct victim of the attack is not, in this case, the end-user. However, as we will explain, the consequences for an end-user can be dramatic.
A simple view of an eclipse attack
An eclipse attack consists of a series of computer operations of a complex nature aimed at destabilizing a blockchain. To put it simply, an attacker uses this technique to isolate part of the entire system.
Any node that makes up a blockchain can be the victim of an attack of this type. Generally speaking, we speak of an eclipse attack when a hacker isolates a node of a peer-to-peer (P2P) system.
The blockchain system divides its computational capacity over several components. These components (or “nodes”) help the system avoid data congestion cleverly.
It did not take much for hackers to figure out the existence of a loophole in the system. In fact, by creating a series of fake peers, an attacker can induce congestion in a single node.
There are several interesting studies on this matter. So put, when hackers manage to monopolize a node with fake connections, they gain significant power in the system.
The worst thing usually happening is the redirection of transactions from the original node to one owned by the attackers. At this point, hackers can disrupt mining operations or approve illegitimate transactions.
Understanding the moves of the attacker
At this stage, it is essential to clarify that the realization of an eclipse attack is not as simple as it may seem. In practice, attackers need to possess high technical skills and complex tools.
The attack relies on many IP addresses, behaving like the “fake peers” mentioned above. To gain control over a node, attackers must use advanced tools, such as botnets.
Once they overcome this obstacle, attackers can choose how to take advantage of their position. In general terms, we look at two types of strategies:
- Targeting mining operations: hackers can hide blocks that already exist in the chain. At this point, miners may believe they have created new partnerships in the system when this is not true.
- The “double-spend” mechanism: a hacker can easily duplicate transactions already entered in the blockchain.
What is the real motive of an eclipse attack?
If you are following our reasoning, you may have doubts about the real motive of an eclipse attacker. Disrupting the mining system and creating transaction duplicates are two significant issues in the system.
However, none of these strategies appears to bring direct advantages to the hackers.
A much more profound reason can lie beyond an eclipse attack. Achieving this purpose generally requires a strong destabilization of the blockchain.
The reasons leading to the attack can be various. Hackers may want to disrupt a new blockchain’s credibility in the industry. Alternatively, they may want to get in the way of a Dapp execution by targeting the blockchain it uses.
As a crowded industry, the blockchain sector has recently seen a rapid increase in internal competition. Consequently, it should not surprise us to learn how people may be ready to hack rival systems.
Can we fight eclipse attacks?
First of all, the ease with which a hacker can launch a successful eclipse attack depends on the infrastructure of a blockchain. Concerning this point, users generally have limited power.
One of the perks of blockchain is that, in general, users can propose and vote on internal technical changes. On Ethereum, for example, users can adhere to the Ethereum Improvement Proposals (EIP) program.
Another important aspect is to be wary of no-confirmation transactions. Some users may choose to use transactions that do not require confirmation. This decision stems from the desire to save time without assessing its consequences.
A hacker who launches an eclipse attack finds it easy to duplicate no-confirmation transactions. Removing a security step in the blockchain to speed up transactions can cost users a lot of money.
Final thoughts
The ability of hackers to leverage a blockchain strength in their favor is worrying. Of course, the node structure makes these chains highly efficient, but “all that glitters is not gold”, as they say.
Distributing the governance of a blockchain among users can lead to a progressive improvement in its security. The goal of cybersecurity should be to make a hacker’s life more difficult.
Eth
Ethereum
$1.967,94
price
price
1.85496%
price change
An industry intent on becoming more mature must understand how to prevent these unpleasant situations. The entire industry’s credibility depends on its security, an intangible asset of inestimable value.
Stay up to date with our latest articles
